Procurement Bill of Rights: On Data and Privacy

If the cloud contract is silent, then you’ve pretty much given up your data privacy rights. However, when the cloud-based applications provider is also a cloud-based network provider, you are opening a MUCH larger can of worms. Consider how you could be violating data confidentiality clauses in the contracts that you have with the thousands of other suppliers in your supply base if the cloud-based applications provider is also your network provider. And you might unknowingly consent to sharing this information.

To determine your comfort level with providers that are silent on the issue and might push back on privacy requests, ask the following question: Do you believe your suppliers are comfortable with you sending their confidential trading data with you out to a third party business network, especially regarding pricing and terms, even though the party promised to ‘blind’ the data (and also protected itself by insisting on not signing a data privacy clause you rightly tried to get inserted into the cloud contract)?

More to the point, are you sure that your supplier contracts won't be violated by your volunteering of your commercial data with the network provider? The network provider doesn’t care as long as they don’t have to sign an NDA with you. This is likely one of the reasons why we keep hearing our clients telling us that Ariba (SAP) is so insistent on not signing such data confidentiality clauses regarding the Ariba Network, because then they would be liable for re-selling any “network-derived insights” as a key attractor in their value proposition (aka the “network effect”).

Of course, you might ask yourself, does the supplier really care if you offer up some data if it’ll be used in a blinded way? Well, consider an example of something like Supplier InfoNet, which we’ve written about here, here, here, here, and here. It’s a nice idea, but only with a supplier opt-in to have the buyer share their data.

Why? Otherwise, in a network model, the pricing to all buyers may be shared in a "blinded" quartile chart that the buyer can compare to his/her current pricing (even though other service levels and non-price factors are not necessarily included). To a supplier, this is price benchmarking and a ‘race to the bottom.’ Yes, a data point with their name didn’t show up, but it had the same effect.

This is the same issue with price masking in high tech and why buyers don’t want to screw their suppliers (and sharing the buyer’s discounting prowess with its competitors) by sharing how low they will go. Is this really an attractive selling channel to a seller? Of course, the seller can choose to do a different type of “opt in” and join InfoNet itself and similarly screw its suppliers – and so on right up the supply chain.

As business networks look to provide such value-added services in mission-critical supply chains, they, and the buyers they serve, need to think very hard about what they are actually doing from a commercial and risk management point of view (e.g., is this level of risk really worth it to SAP? Is it really core to make money in this way rather than selling the infrastructure/platform services to build secure and trusted trading networks?)

When I get to the final post in this series, I will identify some of the simple things that such business networks can do to protect their customers and themselves while still offering value to the broader B2B community.

Finally, do you think we are out of line here? Why is there not more public discussion around this topic? I know we are opening ourselves up to backlash from large providers here, but I do think that someone needs to advocate on behalf of the user community – and in the long run – for the benefit of the provider community as well.

In our next post, I will highlight the fourth item in this Procurement Bill of Rights: the right to choose which applications I want AND independently also have the ability to deploy and finance them how I want.